I have a standalone setup of the ELK stack (7.12.1) and I have a huge amount of data being pushed into Elasticsearch. I created a job in ML with live data, but the job is not running in real time even though I specified real-time search while creating the job.
When I clone the existing job my records get updated, but when running in real-time search my job is not getting updated.
"Huge" means how much exactly?
What is your setup? How many nodes? Size of nodes? Dedicated ML node?
How did you configure the job? What does the job summary page look like?
You'll need to provide specifics in order to get help here.
Thank you for your response.
I have a standalone setup of ELK: on a single node I have Elasticsearch, Logstash, Filebeat and Kibana.
This setup is only for PoC purposes.
I have log files with around 9 million data.
I am using Filebeat to read the data and send it to Logstash. In Logstash I have a parser written.
The problem is when I have created the ML job and have specified real-time searching.
That is not updating in ML if I am ingesting more data; the data count is reflected in Discover but not in the ML job.
I have an Advanced ML job created with the rare function.
Please provide the outputs of the following (replacing "jobname" with your ML job name):
GET _ml/anomaly_detectors/jobname/
GET _ml/anomaly_detectors/jobname/_stats
GET _ml/datafeeds/datafeed-jobname/_stats